CHB:ARM: save cfg info

Author: sipma

CodeHawk/CHB/bchanalyze/bCHFileIO.ml

@@ -59,6 +59,7 @@ open BCHMIPSDictionary
 (* bchlibarm32 *)
 open BCHARMAssemblyInstructions
 open BCHARMDictionary
+open BCHARMLoopStructure
 
 (* bchlibpower32 *)
 open BCHPowerAssemblyInstructions
@@ -92,6 +93,7 @@ let get_bch_root (info:string):xml_element_int =
   end
 
 
+(* applies to x86 only *)
 let save_functions_list () =
   let filename = get_functions_filename () in
   let doc = xmlDocument () in
@@ -125,6 +127,67 @@ let save_functions_list () =
   end
 
 
+let save_arm_functions_list () =
+  let filename = get_functions_filename () in
+  let doc = xmlDocument () in
+  let root  = get_bch_root "functions" in
+  let ffNode = xmlElement "functions" in
+  let subnodes = ref [] in
+  begin
+    BCHARMAssemblyFunctions.arm_assembly_functions#itera (fun faddr f ->
+        let fNode = xmlElement "fn" in
+        let jtc = f#get_jumptable_count in
+        let (translation, lc, ld, ujc) =
+          try
+            begin
+              BCHTranslateARMToCHIF.translate_arm_assembly_function f;
+              record_arm_loop_levels faddr;
+              ("ok",
+               get_arm_loop_count_from_table f,
+               get_arm_loop_depth_from_table f,
+               (-1))
+            end
+          with
+          | BCH_failure p ->
+             let finfo = BCHFunctionInfo.get_function_info faddr in
+             let ujc = finfo#get_unknown_jumps_count in
+             (CHPrettyUtil.pretty_to_string p, (-1), (-1), ujc) in
+        let set = fNode#setAttribute in
+        let seti = fNode#setIntAttribute in
+        let setx t x = set t x#to_hex_string in
+        begin
+	  (if functions_data#has_function_name faddr then
+	     let name = (functions_data#get_function faddr)#get_function_name in
+             let name =
+               if has_control_characters name then
+                 "__xx__" ^ (hex_string name)
+               else
+                 name in
+	     set "name" name);
+	  setx "va" faddr;
+	  seti "ic" f#get_instruction_count;
+	  seti "bc" f#get_block_count;
+          (if jtc > 0 then seti "jtc" jtc);
+          (if translation = "ok" then
+             begin
+               (if lc > 0 then seti "lc" lc);
+               (if ld > 0 then seti "ld" ld);
+             end
+           else
+             begin
+               set "tr" "x";
+               seti "ujc" ujc
+             end);
+          subnodes := fNode :: !subnodes
+        end);
+    ffNode#appendChildren !subnodes;
+    doc#setNode root;
+    root#appendChildren [ffNode];
+    file_output#saveFile filename doc#toPretty
+  end
+
+
+
 let save_global_state () =
   let filename = get_global_state_filename () in
   let doc = xmlDocument () in

CodeHawk/CHB/bchanalyze/bCHFileIO.mli

@@ -36,8 +36,12 @@ open BCHLibTypes
 (* bchlibx86 *)
 open BCHLibx86Types
 
-
+(** save function cfg info (x86 only) *)
 val save_functions_list: unit -> unit
+
+(** save function cfg info for arm functions *)
+val save_arm_functions_list: unit -> unit
+
 val save_global_state: unit -> unit
 val save_system_info: unit -> unit
 val save_resultmetrics: xml_element_int -> unit

CodeHawk/CHB/bchcmdline/bCHXBinaryAnalyzer.ml

@@ -107,6 +107,7 @@ let export_directory = ref ""
 let savecfgs = ref false
 let save_xml = ref false  (* save disassembly status in xml *)
 let save_asm = ref false
+let save_asm_cfg_info = ref false  (* save functions list with cfg info in xml *)
 let set_datablocks = ref false   (* only supported for arm *)
 let construct_all_functions = ref false
 
@@ -204,6 +205,8 @@ let speclist =
      "save disassembly status in xml for bulk evaluation");
     ("-save_asm", Arg.Unit (fun () -> save_asm := true),
      "save assembly listing in the analysis directory");
+    ("-save_asm_cfg_info", Arg.Unit (fun () -> save_asm_cfg_info := true),
+     "save list of functions with cfg info to xml file (may be slow)");
     ("-construct_all_functions",
      Arg.Unit (fun () -> construct_all_functions := true),
      "construct all functions even if analyzing only a few of them");
@@ -588,6 +591,11 @@ let main () =
               (get_duplicate_coverage_filename ())
               (STR (BCHARMAssemblyFunctions.arm_assembly_functions#duplicates_to_string));
             pr_timing [STR "duplicates listing saved"];
+            (if !save_asm_cfg_info then
+               begin
+                 save_arm_functions_list ();
+                 pr_timing [STR "function cfg info saved"]
+               end);
             save_system_info ();
             pr_timing [STR "system_info saved"];
             save_arm_dictionary ();

CodeHawk/CHB/bchlibarm32/bCHARMAssemblyFunction.ml

@@ -106,6 +106,8 @@ object (self)
 
   method get_block_count = List.length blocks
 
+  method get_jumptable_count = List.length self#get_jumptables
+
   method get_not_valid_instr_count =
     let c = ref 0 in
     let _ =

CodeHawk/CHB/bchlibarm32/bCHARMAssemblyFunctions.ml

@@ -915,14 +915,20 @@ let get_arm_disassembly_metrics () =
   let loaded_imports = [] in
   let imports = imported_imports @ loaded_imports in
   let numunknown = !arm_assembly_instructions#get_num_unknown_instructions in
+  let jumptables =
+    List.fold_left (fun acc (va, _) ->
+        if arm_assembly_functions#includes_instruction_address va then
+          acc + 1
+        else
+          acc) 0 !arm_assembly_instructions#get_jumptables in
   { dm_unknown_instrs = numunknown;
     dm_instrs = instrs;
     dm_functions = arm_assembly_functions#get_num_functions;
     dm_coverage = coverage;
     dm_pcoverage = 100.0 *. (float_of_int coverage) /. (float_of_int instrs) ;
     dm_overlap = overlap;
     dm_alloverlap = alloverlap;
-    dm_jumptables = List.length system_info#get_jumptables;
+    dm_jumptables = jumptables;
     dm_datablocks = List.length system_info#get_data_blocks;
     dm_imports = imports;
     dm_so_imports = system_info#dmso_metrics;

CodeHawk/CHB/bchlibarm32/bCHARMAssemblyInstructions.ml

@@ -37,6 +37,7 @@ open CHXmlDocument
 (* bchlib *)
 open BCHBasicTypes
 open BCHByteUtilities
+open BCHConstantDefinitions
 open BCHDataBlock
 open BCHDoubleword
 open BCHFunctionData
@@ -702,6 +703,15 @@ object (self)
                                ^ "  Faddr:<"
                                ^ v#to_hex_string
                                ^ ">"
+                             else if has_symbolic_address_name v then
+                               let name = get_symbolic_address_name v in
+                               "  "
+                               ^ (fixed_length_string addr 10)
+                               ^ "  Sym:<"
+                               ^ v#to_hex_string
+                               ^ ":"
+                               ^ name
+                               ^ ">"
                              else if elf_header#is_code_address v then
                                "  "
                                ^ (fixed_length_string addr 10)

CodeHawk/CHB/bchlibarm32/bCHARMTypes.mli

@@ -1813,6 +1813,7 @@ class type arm_assembly_function_int =
     method get_function_md5: string
     method get_instruction_count: int
     method get_block_count: int
+    method get_jumptable_count: int
     method get_not_valid_instr_count: int
     method get_true_conditional_return: arm_assembly_block_int option
 

CodeHawk/CHB/bchlibarm32/bCHConstructARMFunction.ml

@@ -254,13 +254,22 @@ let get_successors
                    if !arm_assembly_instructions#is_code_address addr then
                      [addr]
                    else
-                     [])
+                     let floc = get_floc_by_address faddr instr#get_address in
+                     begin
+                       floc#f#set_unknown_jumptarget instr#get_address#to_hexstring;
+                       []
+                     end)
                  []
                  (numerical_to_doubleword tgt)
             | _ -> [])
 
         (* no information available, give up *)
-        | Branch _ | BranchExchange _ -> []
+        | Branch _ | BranchExchange _ ->
+           let floc = get_floc_by_address faddr instr#get_address in
+           begin
+             floc#f#set_unknown_jumptarget instr#get_address#to_hex_string;
+             []
+           end
 
         | _ -> next () in